(57) ABSTRACT

There are provided a digital content management apparatus which further embodies a digital content management apparatus used with a user terminal, and a system which protects the secrets of a digital content. The system and the apparatus are a real time operating system using a microkernel, which is incorporated in the digital content management apparatus as an interruption process having high priority. When a user uses the digital content, whether there is an illegitimate usage or not, is watched by interrupting the usage process. In the case where illegitimate usage is carried out, a warning is given or the usage is stopped. The decryption/re-encryption functions of the digital content management apparatus having the decryption/re-encryption functions are not restricted to the inside of the user apparatus. By providing the decryption/re-encryption functions between the networks, the exchange of secret information between different networks is secured. By using this apparatus for converting a crypt algorithm, information exchange is made possible between systems which adopt different algorithms.
DIGITAL CONTENT MANAGEMENT SYSTEM AND APPARATUS

CROSS-REFERENCE TO RELATED APPLICATIONS

This is a continuation-in-part of prior U.S. patent application Ser. No. 08/549,270 filed on Oct. 27, 1995 ABN and prior U.S. patent application Ser. No. 08/573,958 filed on Dec. 13, 1995, now U.S. Pat. No. 5,740,246, all of which are commonly assigned to the assignee of the present invention.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a system for managing digital content, specifically for managing a copyright of digital content claiming the copyright and for securing secrecy of digital content, and also relates to an apparatus implementing the system.

2. Background Art

In information-oriented society of today, a database system has been spread in which various data values having been stored independently in each computer so far are mutually used by computers connected by communication lines.

The information handled by the prior art database system is classical type coded information which can be processed by a computer and has a small amount of information or monochrome binary data like facsimile data at most. Therefore, the prior art database system has not been able to handle data with an extremely large amount of information such as a natural picture and a motion picture.

However, while the digital processing technique for various electric signals develops, development of the digital processing art has shown progress for a picture signal other than binary data having been handled only as an analog signal.

By digitizing the above picture signal, a picture signal such as a television signal can be handled by a computer. Therefore, a "multimedia system" for handling various data handled by a computer and picture data obtained by digitizing a picture signal at the same time is recognized as a future technique.

Because hitherto widely-spread analog content is deteriorated in quality whenever storing, copying, editing, or transmitting it, copyright issues associated with the above operations has not been a large problem. However, because digital content is not deteriorated in quality after repeatedly storing, [illegible] associated with the above operations is a large problem.

Because there is not hitherto any exact method for handling a copyright for digital content, the copyright is handled by the copyright law or relevant contracts. Even in the copyright law, compensation money for a digital-type sound- or picture-recorder is only systematized.

Use of a database includes not only referring to the contents of the database but also normally effectively using the database by storing, copying, or editing obtained digital content. Moreover, it is possible to transmit edited digital content to another person via on-line by a communication line or via off-line by a proper recording medium. Furthermore, it is possible to transmit the edited digital content to the database to enter it as new digital content.

In an existing database system, only character data is handled. In a multimedia system, however, audio data and picture data which are originally analog content are digitized to a digital content and formed into a database in addition to the data such as characters which have been formed into a database so far.

Under the above situation, how to handle a copyright of digital content formed into a database is a large problem. However, there has not been adequate copyright management means for solving the problem so far, particularly copyright management means completed for secondary utilization of the digital content such as copying, editing, or transmitting of the digital content.

Although digital content referred to as "software with advertisement" or as freeware is, generally, available free of fee, it is copyrighted and its use may be restricted by the copyright depending on the way of use.

In view of the above, the inventor of the present invention has made various proposals thus far in order to protect a copyright of the digital content. In GB 2269302 and U.S. Pat. No. 5,504,933, the inventor has proposed a system for executing copyright management by obtaining a permit key from a key management center through a public telephone line, and has also proposed an apparatus for that purpose in GB 2272822. Furthermore, in EP 677949 and in EP 704785, a system has been proposed for managing the copyright of the digital content.

In these systems and apparatus, those who wish to view encrypted programs request to view a program using a communication device to a management center via a communication line, and the management center transmits a permit key in response to the request for viewing, and charges and collects a fee.

Upon receipt of the permit key, those who wish to view the program send the permit key to a receiver either by an on-line or an off-line means and the receiver, which has received the permit key, decrypts the encrypted program according to the permit key.

The system described in EP 677949 uses a program and copyright information to manage a copyright in addition to a key for permitting usage in order to execute the management of a copyright in displaying (including process to sound), storing, copying, editing, and transmitting of the digital content in a database system, including the real time transmission of digital picture content. The digital content management program for managing the copyright watches and manages to prevent from using the digital content outside the conditions of the user's request or permission.

Furthermore, EP 677949 discloses that the digital content is supplied from a database in an encrypted state, and is decrypted only when displayed and edited by the digital content management program, while the digital content is [illegible] describes that the digital content management program itself is encrypted and is decrypted by the permit key, and that the decrypted digital content management program performs decryption and encryption of the digital content, and when usage other than storing and displaying of the digital content is executed, the copyright information is stored as a history, in addition to the original copyright information.

In U.S. patent application Ser. No. 08/549,270 and EP 0715241 relating to the present application, there is proposed a decryption/re-encryption apparatus having configuration of a board, PCMCIA card or an IC card for managing the copyright, and a system for depositing a crypt key. Also, a reference is made to apply the copyright management method to a video conference system and an electronic commerce system.
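
The decryption/re-encryption scheme referred to above takes a concrete form in the detailed description: content M travels under a first secret-key Ks1, the secret-keys Ks1 and Ks2 travel under the user's public-keys Kb1 and Kb2, and Ks2 is the key used for storing, copying or transferring. The following Python code is an added example and not part of the patent; it assumes insecure stand-in primitives (unpadded RSA over Mersenne primes, a SHA-256 keystream cipher with an HMAC tag) so that it runs on the standard library alone, and the names `database_supply`, `UserApparatus` and `run_demo` are hypothetical.

```python
import hashlib
import hmac
import secrets

# --- Stand-in primitives (assumptions; the patent names no algorithms) ------
def make_keypair(p, q, e=65537):
    """Toy unpadded RSA. Returns (public-key Kb, private-key Kv)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def pk_E(Kb, Ks):                      # C = E(Kb, Ks): wrap a secret-key
    n, e = Kb
    return pow(int.from_bytes(Ks, "big"), e, n)

def pk_D(Kv, C, length=32):            # Ks = D(Kv, C): unwrap a secret-key
    n, d = Kv
    return pow(C, d, n).to_bytes(length, "big")

def _subkey(Ks, label):                # separate keys for keystream and tag
    return hashlib.sha256(label + Ks).digest()

def _stream(key, nonce, n):            # SHA-256 in counter mode, n bytes
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                    for i in range((n + 31) // 32))[:n]

def E(Ks, M):                          # C = E(Ks, M) -> nonce || body || tag
    nonce = secrets.token_bytes(16)
    pad = _stream(_subkey(Ks, b"enc"), nonce, len(M))
    body = bytes(a ^ b for a, b in zip(M, pad))
    tag = hmac.new(_subkey(Ks, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def D(Ks, C):                          # M = D(Ks, C); rejects a wrong key
    nonce, body, tag = C[:16], C[16:-32], C[-32:]
    good = hmac.new(_subkey(Ks, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified ciphertext")
    pad = _stream(_subkey(Ks, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))

# --- The key flow itself ----------------------------------------------------
def database_supply(M, Kb1, Kb2):
    """Database side: returns (Cmks1, Cks1kb1, Cks2kb2)."""
    Ks1, Ks2 = secrets.token_bytes(32), secrets.token_bytes(32)
    return E(Ks1, M), pk_E(Kb1, Ks1), pk_E(Kb2, Ks2)

class UserApparatus:
    """User side: plaintext exists only in memory, exports are re-encrypted."""
    def __init__(self, Kv1, Kv2):
        self._Kv1, self._Kv2 = Kv1, Kv2

    def receive(self, Cmks1, Cks1kb1, Cks2kb2):
        Ks1 = pk_D(self._Kv1, Cks1kb1)            # Ks1 = D(Kv1, Cks1kb1)
        self._Ks2 = pk_D(self._Kv2, Cks2kb2)      # Ks2 = D(Kv2, Cks2kb2)
        self._M = D(Ks1, Cmks1)                   # M = D(Ks1, Cmks1)

    def display(self):
        return self._M

    def export(self, operation):
        # Storing, copying and transferring never emit plaintext.
        if operation not in ("store", "copy", "transfer"):
            raise ValueError("unsupported operation: " + operation)
        return E(self._Ks2, self._M)

    def reopen(self, blob):
        return D(self._Ks2, blob)

SAMPLE = b"constructed sample content: frame 0001 of a motion picture"

def run_demo():
    # Mersenne primes keep key generation short; such moduli factor trivially.
    Kb1, Kv1 = make_keypair(2**521 - 1, 2**607 - 1)
    Kb2, Kv2 = make_keypair(2**607 - 1, 2**1279 - 1)
    Cmks1, Cks1kb1, Cks2kb2 = database_supply(SAMPLE, Kb1, Kb2)
    user = UserApparatus(Kv1, Kv2)
    user.receive(Cmks1, Cks1kb1, Cks2kb2)
    stored = user.export("store")
    try:                                # the delivery key must not open the copy
        D(pk_D(Kv1, Cks1kb1), stored)
        ks1_rejected = False
    except ValueError:
        ks1_rejected = True
    return {"displayed": user.display(), "stored": stored,
            "reopened": user.reopen(stored), "ks1_rejected": ks1_rejected}

if __name__ == "__main__":
    result = run_demo()
    print(result["displayed"], result["ks1_rejected"])
```

Because the stored copy is bound to Ks2 rather than Ks1, a copy passed on outside the apparatus is useless to anyone who only captured the original delivery.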
In U.S. patent application Ser. No. 08/549,271 and EP 709760, a system has been proposed wherein the protection of an original digital content copyright and an edited digital content copyright in case of the edited digital content using a plurality of digital contents is carried out by confirming the validity of a usage request according to a digital signature on [illegible]

In U.S. patent application Ser. No. 08/573,958, now U.S. Pat. No. 5,740,246, and EP 719045, various forms have been proposed for applying the digital content management system to a database and a video-on-demand (VOD) systems or an electronic commerce.

In U.S. patent application Ser. No. 08/663,463, now U.S. Pat. No. 5,848,158, EP 746126, a system has been proposed, in which copyrights on an original digital content and a new digital content are protected by using a third crypt key and a copyright label in case of using and editing a plurality of digital contents.

As can be understood from the digital content management systems and the digital content management apparatus which have been proposed by the inventor of the present invention described above, the management of a digital content copyright can be realized by restricting encryption/decryption/re-encryption and the form of the usage. The cryptography technology and the usage restriction thereof can be realized by using a computer.

In order to use the computer efficiently, an operating system (OS) is used which, supervises the overall operation of the computer. The conventional operating system (OS) used on a personal computer or the like is constituted of a kernel for handling basic services such as memory control, task control, interruption, and communication between processes and OS services for handling other services.

However, improvement in the functions of the OS which supervises the overall operation of computers is now being demanded where circumstances change on the computer side, such as improved capability of microprocessors, a decreased price of RAMs (Random Access Memory) used as a main memory, as well as improvement in the performance capability of computers is required by users, as a consequence, the scale of an OS has become comparatively larger than before.

Since such an enlarged OS occupies a large space itself in the hard disk stored OS, the space for storing the application programs or data needed by the user is liable to be insufficient, with the result in which the usage convenience in the computer becomes unfavorable.

In order to cope with such a situation, in the latest OS, an environmental sub-system for performing emulation of other OS and graphics displaying, and a core sub-system such as a security sub-system are removed from the kernel, as a sub-system that is a part that depends on the user. The basic parts such as a HAL (hardware abstraction layer) for absorbing differences in hardware, a scheduling function, an interruption function, and an I/O control function is a micro-kernel, and a system service API (Application Programming Interface) is interposed between the sub-system and the micro-kernel, thereby constituting the OS.

By doing so, extension of the OS by change or addition of functions will be improved, and portability of the OS can be facilitated corresponding to the applications. By a distributed arrangement for elements of the micro-kernel to a plurality of network computers, the distributed OS can also be realized without difficulty.

Computers are used in computer peripheral units, various control units, and communication devices in addition to the personal computers represented by the desktop type or notebook type computers. In such a case, as an OS unique for embedding, applicable to each of the devices, a real time OS is adopted in which execution speed is emphasized, unlike in a general-purpose personal computer OS, in which the man-machine interface is emphasized.

[illegible] therefore, that a general-purpose OS for personal computers as a real-time OS for embedding is used instead. By arranging a specified program for embedding in a sub-system combined with the micro-kernel, a real-time OS for embedding can be obtained for embedding.

As the major functions of an OS, there is a task control, such as scheduling, interruption processing, and the like. With respect to task control, there are two kinds of OS's; the single-task type, in which only one task is executed at the same time, and the multi-task type, in which a plurality of task processes are executed at the same time. The multi-task type is further classified into two kinds; one multi-task type, changing of tasks depends on the task to be executed, and the other multi-task type, the changing does not depend on the task to be executed.

In the aforementioned types, the single-task type assigns one process to a CPU (Central Processing Unit) and the CPU is not released until the process comes to an end, and a non-preemptive multi-task type performs time-division for the CPU, and the CPU can be assigned to a plurality of processes. As long as the process which is being executed does not give control back to the OS, other processes are not executed. And a preemptive multi-task type interrupts the process which is being executed during a certain time interval and thereby forcibly move the control to another process. Consequently, real time multi-task can be available only in the case of the preemptive type.

Task control in a computer is performed according to processes being units having system resources such as a memory and a file. Process control is performed according to a thread, being a unit in which CPU time is assigned, in which the process is minutely divided. Incidentally, in this case, the system resources are shared in all the threads in the same process. More than one threads, therefore, may exist which share the system resources in one process.

Each task which is processed by the multi-task type has a priority spectrum, which is generally divided into 32 classes. In such a case, a normal task without interruption is classified into dynamic classes which are divided into 0 to 15 classes, while a task performing interruption is classified into realtime classes divided into 16 to 31 classes.

Interruption processing is carried out using interruption enabling time (generally, 10 milliseconds) referred to as a time slice, as one unit. A normal interruption is carried out during a time slice of 10 milliseconds. In such a situation, a time slice has recently been proposed wherein the interruption enabling time is set to 100 microseconds. When such a real time slice is used, an interruption can be carried out with greater priority than the conventional 10 milliseconds.

SUMMARY OF THE INVENTION

In the present application, there is proposed a digital content management apparatus which further embodies a digital content management apparatus which can be used with the user terminal proposed in EP 704785, for managing a digital content, specifically, a copyright of the digital content claiming the copyright. And also there is proposed a system to which the idea applied to the digital content
management apparatus is further applied to secrecy protection of the digital content.

In the present application, a system for watching the illegitimate usage of the digital content and an apparatus therefor are proposed. These system and apparatus are a real time operating system using a micro-kernel, and are incorporated in the digital content management apparatus as an interruption process having a high priority, or are arranged in a network system using the digital content. It is watched whether an illegitimate usage or not, by interrupting into the use process when a user utilizes the digital content. In the case where illegitimate usage is performed, a warning or a stop for the usage is given.

Furthermore, in the present application, decryption/re-encryption functions in the digital content management apparatus having the decryption/re-encryption functions are not restricted within the user apparatus but are provided in a gateway or a node between the networks, so that the exchange of secret information is secured between different networks.

By using the apparatus according to the present invention, for the conversion of crypt algorithm, information exchange can be made possible between systems which adopt different crypt algorithms.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a structural view of a digital content management system to which the present invention is applied.

FIG. 2 is a structural view of a digital content management apparatus to which the present invention is applied.

FIG. 3 is a structural view of another digital content management apparatus to which the present invention is applied.

FIG. 4 is a structural view of a system for watching the digital content usage according to the present invention.

FIG. 5 is a structural view of a system for protecting digital content secrecy according to the present invention.

DETAILED DESCRIPTION OF THE INVENTION

The present invention is a copyright management system and an apparatus for digital content. In the following description, numerous specific details are set forth to provide a more thorough description of the present invention. It will be apparent, however, to one skilled in the art, that the present invention may be practiced without these specific details. In other instances, well known features have not been described in detail so as not to obscure the present invention.

The description of the preferred embodiments according to the present invention is given below referring to the accompanied drawings.

FIG. 1 shows a structure of the digital content management system to which the present application applies.

In this digital content management system illustrated in FIG. 1, reference numerals 1, 2 and 3 represent databases stored text data, binary data of a computer graphics screen or a computer program and digital content of sound or picture data, which are not encrypted. 9 represents a communication network constituted of using a public telephone line offered by a communication enterprise or a CATV line offered by a cable television enterprise, 4 represents a primary user terminal, 5 represents a secondary user terminal, 6 represents a tertiary user terminal, and 7 represents an n-order user terminal, and 8 represents a digital content management center.

On the above arrangement, the databases 1, 2, 3, the digital content management center 8, primary user terminal 4, secondary user terminal 5, tertiary user terminal 6, and n-order user terminal 7 are connected to the communication network 9.

In this figure, a path shown by a broken line represents a path for transferring encrypted digital content, a path shown by a solid line represents a path for transferring requests from each of the user terminals 4, 5, 6, 7 to the digital content management center 8, a path shown by a one-dot chain line represents a path through which a permit key corresponding to a usage request, a digital content management program and a crypt key are transferred from each of the databases 1, 2, 3, and the digital content management center 8 to each of the user terminals 4, 5, 6, 7.

This digital content management system employs a first public-key Kb1, a first private-key Kv1 corresponding to the first public-key Kb1, a second public-key Kb2, and a second private-key Kv2 corresponding to the second public-key Kb2 that are prepared by the user, and a first secret-key Ks1 and a second secret-key Ks2 prepared by the database. The database encrypts digital content M by using the first secret-key Ks1:

    Cmks1 = E(Ks1, M),

and further encrypts the first secret-key Ks1 by the first public-key Kb1:

    Cks1kb1 = E(Kb1, Ks1)

and the second secret-key Ks2 by the second public-key Kb2:

    Cks2kb2 = E(Kb2, Ks2)

The database then transfers these encrypted digital content Cmks1, the first and the second secret-keys Cks1kb1 and Cks2kb2 to the user.

The user decrypts the encrypted first secret-key Cks1kb1 using the first private-key Kv1:

    Ks1 = D(Kv1, Cks1kb1),

and decrypts the encrypted digital content Cmks1 by the decrypted first secret-key Ks1:

    M = D(Ks1, Cmks1)

and uses it. The user decrypts encrypted second secret-key Cks2kb2 by the second private-key Kv2:

    Ks2 = D(Kv2, Cks2kb2),

which is subsequently used as a crypt key for storing, copying, or transferring digital content.

If the primary user 4 copies digital content obtained and then supplies it to the secondary user 5, the digital content does not involve the copyright of the primary user 4 because no modifications have been made to the digital content. If, however, the primary user 4 produces new digital content based on the digital content obtained or using a means for combining with other digital content, the new digital content involves a secondary copyright for the primary user 4, and the primary user 4 has the original copyright for this secondary work.

Similarly, if the secondary user 5 produces further new digital content based on the digital content obtained from the






US 6,424,715 B1


primary user 4 or combining with other digital content, the new digital content involves a secondary copyright for the secondary user 5, and the secondary user 5 has the original copyright of this secondary work.

Databases 1, 2, and 3 store text data, binary data constituting computer graphics screens or programs and digital content such as digital audio data and digital picture data, which are encrypted and supplied to the primary user terminal 4 via network 9 during a digital content read operation in response to a request from the primary user terminal 4.

Managing the digital content obtaining from the database is carried out by the method described in Japanese Patent Laid-open No. 185448/1996 or in Japanese Patent Laid-Open No. 287014/1996, which have been proposed by the present inventor.

Recently, a PCI (Peripheral Component Interconnect) bus has attracted attention as means for implementing a multiprocessor configuration in a typical personal computer. The PCI bus is a bus for external connection connected to a system bus of a personal computer via a PCI bridge, and allows to implement a multiprocessor configuration.

The digital content includes graphics data, computer programs, digital audio data, still picture data by JPEG and also moving picture data by MPEG 1 or MPEG 2, in addition to character data. In case that the digital content to be managed is moving picture data by JPEG still picture system or moving picture data by MPEG 1 or MPEG 2, as having remarkably large amount of data with high speed, managing the digital content by a single processor is difficult.

FIG. 2 is a block diagram illustrating an arrangement of a digital content management apparatus used for managing the digital content of the above in the digital content management system shown in FIG. 1.

The digital content management apparatus comprises a first digital content management apparatus 12 connected to a user terminal 11 and a second digital content management apparatus 13.

The first digital content management apparatus 12 has a computer configuration having a MPU (Microprocessor Unit) 24, a local bus 25 of MPU 24, ROM (Read-Only Memory) 26 connected to the local bus 25, RAM 27 and EEPROM (Electrically Erasable Programmable Read-Only Memory) 31.

A PCI bus 23 is connected to a system bus 15 for a microprocessor 14 via a PCI bridge 22 and the local bus 25 for the MPU 24 of the digital content management apparatus 12 is connected to the PCI bus 23, and also a local bus 30 for MPU 29 of the digital content management apparatus 13. Also connected to the system bus 15 of the user terminal 11 are a communications device (COMM) 21 which receives digital content from external databases and transfers digital content to the external of the terminal, a CD-ROM drive (CDRD) 20 which reads digital content supplied on CD-ROM, a flexible disk drive (FDD) 19 which copies received or edited digital content in a flexible disk to supply to the external of terminal, and hard disk drive (HDD) 18 used for storing digital content. COMM 21, CDRD 20, FDD 19, and HDD 18 may also be connected to the PCI bus 23. While ROM, RAM etc., of course, are connected to the system bus 15 of the user terminal, these are not shown in FIG. 2.

The decryption and re-encryption operations are performed by either of the MPU 24 of the first digital content management apparatus 12 and the MPU 29 of the second digital content management apparatus 13, i.e., one performs decryption and the other performs re-encryption at the same time. Since the configuration of the MPU 24 and MPU 29 in FIG. 2 is a multiprocessor configuration which performs parallel processing with a PCI bus 23, high processing speed can be achieved.

In the digital content management apparatus shown in FIG. 2, the storage medium, such as HDD 18, for storing re-encrypted digital content is connected to the system bus 15 of the user terminal 11. In order to store re-encrypted digital content, therefore, the encrypted digital content must be transferred by way of the system bus 15 of the user terminal 11 and the local bus 25 or 30 of the digital content management apparatus 12 or 13, and consequently, processing speed can be slowed.

In the digital content management apparatus shown in FIG. 3, a communications device COMM and a CD-ROM drive CDRD are connected to a local bus of a digital content management apparatus for decryption, and a storage device such as HDD for storing re-encrypted digital content are connected to the local bus of a digital content management apparatus for re-encryption.

The digital content management apparatus 35 for decryption has the computer system configuration having a MPU 37, a local bus 38 for the MPU 37, and ROM 39, RAM 40 and EEPROM 41 connected to the local bus 38, and a communication device COM 42 and a CD-ROM drive CDRD 43 are connected to the local bus 38. The encrypted digital content supplied from the communication device COM 42 and the CD-ROM drive CDRD 43 are decrypted in this apparatus.

The digital content management apparatus 36 for re-encryption has the computer system configuration having a MPU 44, a local bus 45 for the MPU 44, and ROM 46, RAM 47 and EEPROM 48 connected to the local bus 45, and HDD 49 is connected to the local bus 45. The digital content which has been re-encrypted in the digital content management apparatus 36 for re-encryption is stored in HDD 49.

In the protection of a digital content copyright, the greatest issue is how to prevent from illegitimate usage of the digital content on the user side apparatus. Decryption/re-encryption and restriction on usage are carried out by a digital content management program for this purpose.

However, since decryption/re-encryption of the digital content to be protected the copyright is performed using an apparatus on the user side, it is virtually impossible to expect that processing of the decryption/re-encryption and the management of the crypt key which is used for the purpose will be complete. There is a possibility that the digital content will be illegitimately stored, copied, transmitted and edited by invalidating the digital content management program.

In order to restrict such illegitimate usage, it is required that a digital content management program for decryption/re-encryption of the digital content, and for managing the crypt key cannot be altered by the user. For this purpose, incorporation of the digital content management program into the hardware is the most secure method.

For example, there is a configuration in which a dedicated scramble decoder is currently used for descrambling scrambled broadcast programs in analog television broadcast, so that decryption/re-encryption of the digital content and management of the crypt key are available only by using a dedicated digital content management apparatus.

Although such a configuration is reliable, the system structure is lacking in flexibility. When the apparatus on the user side is changed, or the digital content management program is changed, it is very hard for the user to respond
to such changes. In case of a network computer on which has been recently focused, since the network computer does not have a function for storing the digital content management program, it would be impossible to realize the digital content management program in the hardware.

In order to correspond with flexibility to a case where the apparatus on the user side changes, or a case where the digital content management program is changed, it is desirable for the digital content management program to be software. However, there is a possibility that the digital content management program is altered as long as the digital content management program is an application program.

For the digital content management program being software, the digital content management program is required to be incorporated in a kernel that is a fixed area and cannot be altered by the user. However, it is not practical for the digital content management program to be incorporated in the fixed area of a kernel, where the digital content management system and the cryptosystem are differentiated between the databases.

As described above, some real time OS can perform interruption in real time slice time which is one or two figures faster than the time slice of the system in another OS that includes kernel area. By using this technology, the usage status of the digital content which is claiming the copyright, is watched without affecting the overall operation. And if an illegitimate usage is found, it is possible to give a warning or to forcibly stop the usage thereof.

Next, a method for reinforcing a digital content management program by using a real time OS is described.

The digital content management apparatus shown in FIG. 2 has a multi-processor structure in which a first digital content management apparatus 12 and a second digital content management apparatus 13 are connected to an apparatus on the user side via a PCI bus. The decryption and re-encryption operations of the first digital content management apparatus 12 and the second digital content management apparatus 13 are controlled by the digital content management program in the user terminal 11.

[...]

watched without affecting regular usage by the user, and a warning can be given and usage thereof can be forcibly stopped.

The digital content management program with such a watching function is incorporated into a sub-system area which is operated in the user mode in place of the kernel of the OS, and the watch process is regarded as a process with a high priority. By constituting the system in this way, the usage status of the digital content by decryption/re-encryption and also the illegitimate usage other than the permitted usage can be watched at the same time, and such watching can be executed smoothly.

The digital content management apparatus shown in FIG. 3 has a multi-processor structure in which a first digital content management apparatus 35 and a second digital content management apparatus 36 are connected to an apparatus on the user side via a PCI bus. The decryption and re-encryption operations of the first digital content management apparatus 35 and the second digital content management apparatus 36 are controlled by the digital content management program in the user terminal 34.

The digital content management program of the user terminal 34 also manages the operation of the communication device 42, the CD-ROM drive 43, the flexible disk drive 19 and the hard disk drive 39, which manage loading or downloading of encrypted digital content, and storing into the hard disk drive 39, copying to the flexible disk drive 19 and uploading to the communication device 42 of re-encrypted digital content.

Since illegitimate usage of the digital content is carried out by unauthorized editing, unauthorizing storing, unauthorized copying or unauthorized uploading of the decrypted digital content, it can be detected as to whether the illegitimate usage has been carried out or not, by checking whether editing, storing, copying or uploading of the decrypted digital content is performed or not. As a consequence, the process for watching the illegitimate usage interrupts a digital content use process which is being executed in a certain time interval, while interrupting by a preemptive

The digital content management program of the user 40 type multi-task which forcibly carries out watching of the 

terminal 11 also manages the operation of the communica- process. 

tion device 21, the CD-ROM drive 20, the flexible disk drive The multi-task time slice normally carried out is 10 
19 and the hard disk drive 18, which manage loading or milliseconds, and the decryption/reencryption process is 
downloading of encrypted digital content, and storing into carried out in this time unit. On the other hand, the fastest 
the hard disk drive 18, copying to the flexible disk drive 19 45 real time slice is 100 /US, which is 1/100 of the normal time 
and uploading to the communication device 21 of unit. Consequently, the watching task, which has high inter- 
re-encrypted digital content. ruption priority, can watch the digital content as to whether 
Since illegitimate usage of the digital content is carried the decrypted digital content is being edited, stored, copied 
out by unauthorized editing, unauthorized storing, unautho- or uploads, so that the usage status of the digital content for 
rized copying or unauthorized uploading of the decrypted 50 which the copyright is claimed can be watched without 
digital content, whether the illegitimate usage has been affecting regular usage by the user, and if illegitimate usage 
carried out or not, can be detected by whether editing, is found, a warning can be given and usage thereof can be 
storing, copying or uploading of the decrypted digital con- forcibly stopped. 

tent is performed or not. As a consequence, the process for The digital content management program with such a 

watching the illegitimate usage interrupts a digital content 55 watching function is incorporated into a sub-system area 

use process which is being executed in a certain time which is operated in the user mode in place of the kernel of 

interval, while interrupting by a preemptive type multi-task the OS, and the watching process is regarded as a process 

which forcibly carries out watching of the process. with a high priority. By constituting the system in this way, 

The multi-task time slice normally carried out is 10 the usage status of the digital content by decryption/re - 

milliseconds, and the decryption/re-encryption process is 60 encryption and also the illegitimate usage other than the 

carried out in this time unit. On the other hand, the fastest permitted usage can be watched at the same time, and such 

real time slice is 100 microseconds, which is 1/100 of the watching can be executed smoothly, 
normal time unit. Consequently, the watching task, which Next, a structure for watching the illegitimate usage of the 

has high interruption priority, can watch the digital content digital content in the distributed OS is described referring to 

as to whether the decrypted digital content is being edited, 65 FIG. 4. FIG. 4 illustrates a structure of a general distributed 

stored, copied or uploaded, so that the usage status of the type OS, in which servers 51 to 54 and clients 55 to 58 are 

digital content for which the copyright is claimed can be connected to a network 50. 
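
A small model of the watching task described above for FIGS. 2 and 3, added here as an illustration and not taken from the patent: a watch task samples the content-use process once per period and warns, then stops, when it finds a non-permitted operation in progress. The `Operation` record, the warn-then-stop rule and the sample timeline are assumptions; the 10 ms and 100 microsecond figures are the ones given in the text.

```python
from dataclasses import dataclass

NORMAL_SLICE_US = 10_000  # 10 ms multi-task time slice (figure from the text)
WATCH_SLICE_US = 100      # 100 microsecond real-time slice (figure from the text)
WATCHED_OPS = frozenset({"edit", "store", "copy", "upload"})


@dataclass(frozen=True)
class Operation:
    """One operation on decrypted content, active in [start_us, end_us)."""
    kind: str
    start_us: int
    end_us: int


def run_watch(ops, permitted, period_us, horizon_us):
    """Sample the use process every period_us and apply warn-then-stop.

    Returns (events, stopped_at_us). Each event is (time_us, action, kind):
    "warn" on the first tick that sees a non-permitted operation running,
    "stop" if that same operation is still running at a later tick.
    """
    events = []
    warned = set()
    for tick in range(period_us, horizon_us + 1, period_us):
        for op in ops:
            active = op.start_us <= tick < op.end_us
            if not active or op.kind not in WATCHED_OPS or op.kind in permitted:
                continue
            if op in warned:
                events.append((tick, "stop", op.kind))
                return events, tick
            warned.add(op)
            events.append((tick, "warn", op.kind))
    return events, None


if __name__ == "__main__":
    # Constructed timeline: editing is permitted, copying is not.
    timeline = [Operation("edit", 500, 1_500), Operation("copy", 2_350, 7_350)]
    for period in (WATCH_SLICE_US, NORMAL_SLICE_US):
        print(period, run_watch(timeline, {"edit"}, period, 20_000))
```

With the 100 microsecond period the copy is warned about and stopped within two ticks of starting; sampled only once per 10 ms slice, the same 5 ms copy begins and ends between two checks, which is why the watch period has to be well below the duration of the operations it is meant to catch.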
The network 50 is a restricted network such as LAN
(Local Area Network) in an office. Each of the servers 51 to
54 stores basic OS elements of the micro-kernel, application
elements which are a sub-system, or the digital content. In
order to manage the digital content, the digital content
management program which has been described so far is
required. This digital content management program is
[illegible] watch program
for watching the illegitimate usage of the digital content
having a high priority for interruption is stored, for example,
in the supervisory server 51 for supervising the overall
operation of the distributed OS.

Although the terminal apparatus of the clients 55 to 58 is
a simple terminal, the terminal is provided with a copying
device such as a flexible drive or the like when necessary.

In such a structure, when the clients 55 to 58 use the
digital content which is stored in the servers 51 to 54, the
clients 55 to 58 are supplied the micro-kernel that is the
basic OS elements from each of the servers, and also
supplied the digital content management program which is
stored in the server 54, and thus, the digital content can be
used.

The digital contents stored in the server are either
encrypted or not encrypted. In either of these cases, the
digital content is supplied with encrypted when supplied to
the clients. Therefore, in order for the client to use the
encrypted digital content, it is necessary to obtain the crypt
key and to decrypt by the digital content management
program as has been described above.

The fact that the client uses the digital content and the
digital content management program is grasped by the
supervisory server 51. This watch process automatically
interrupts the process which is being executed by the client
at regular intervals without the client's request, and watches,
and gives a warning or stop of the usage if an illegitimate
usage is detected.

Since such a watch process can be completed with a
process having a small size, and therefore, that affects little
on the operation on the client side, and the user does not
notice the operation of the watch program.

In the distributed OS, the servers and the clients have been
explained as separated. However, the aforementioned structure
may be applied when a client machine is provided with
a hard disk drive, and the client machine also serves as the
server machine. When the network 50 is not a restricted one
as LAN in an office, but a non-restricted one such as the
Internet system, the aforementioned structure can be also
applied.

In particular, such a structure is effective in a network
computer system. Even in the case where the user modifies
a computer not provided with a storage device, a copying
device or a communication device for transmission, or use
a normal computer pretending to be of a network computer
system, the digital content can be managed by remote
control.

Furthermore, the structure can be applied to the digital
content management system shown in FIG. 1. In such a case,
the watch program is stored in the digital content management
center 8 of FIG. 1 to regularly watch whether users
illegitimately use the encrypted digital content supplied
from the database through the network 9 by remote control.

In case where the digital content is broadcast via analog
data broadcast or via digital data broadcast, the watch
program may be transferred by inserting to the digital
content. Also, the watch program may be resident in an
apparatus of the digital content user so that the remote
control is made possible by periodically broadcasting watch
program control signal.

In the case where the digital content having a large
amount of information, such as digital picture content is
handled in the digital content management system which is
carried out via the network, an ISDN (Integrated System for
Digital Network) line is used in many cases as a communication
line.

In the ISDN, there are generally used two data
channels having a data transmission speed of 64 Kbps (Kilo
bits per second) referred to as B channels, and a control
channel having a data transmission speed of 16 Kbps
referred to as D channel. Naturally, the digital content is
transmitted through one or two data channels, while the D
channel is not used in many cases.

Thus, if the D channel is used for the interruption watching
by the watch program, it would be possible to watch the
usage status by remote control without affecting the usage of
the digital content at all.

When the user uses information to which a copyright is
claimed, the real time OS is automatically linked to the
digital content management center, it is also possible to
watch and manage the re-encryption mechanism with a real
time OS as a result.

Further, in the case where a digital content creator or an
end user uses information to which a copyright is claimed,
a re-encryption program resident in the PC uses the real time
OS so that remote watching and management can be made
possible.

Next, application of the digital content management system
to the prevention of the leakage of information is
described. FIG. 5 illustrates a structure of the system for
preventing from the leakage of information by applying the
system to an intranet system in which a LAN is connected
to the Internet system.

In FIG. 5, reference numerals 60, 61, and 62 represent the
network systems which are connected to each other by a
public line 63. In particular, the network system 62 is a LAN
system established in an office or the like. These network
systems are connected with each other via a public communication
line or the like to constitute an Internet system as a
whole. Clients 64, 64, 64 are connected to the LAN system
62 and servers not shown in the figure are connected in
addition.

The LAN system has secret data such as business secrets
and the like therein. Since the LAN system is connected to
the outside network, the problems of the leakage of the
secret information to the outside, or of the access to the
secret information from the outside may arise. As a
consequence, although an information partition, called a
"fire-wall," is normally provided between the LAN system
and the public line, that is not technologically perfect. Also,
even in the case of the business secret data, it may be
necessary to supply the business secret data to another party,
where the another party network has a common interest, and
in such a case, the presence of the fire-wall becomes an
obstacle.

As has been described repeatedly, the management of the
secret data can be completely carried out through encryption.
In the case where the crypt algorithm used in the other
party network is common with the algorithm used in the
one's own network, the secret data can be shared by sending
the crypt key to the other party by some means. In the case
where the crypt algorithm used in the other party network is
different from the algorithm which is used in one's own
network, such means cannot be adopted.

In order to cope with such a problem, crypt key conversion
devices 65, 66 and 67 are arranged in place of or
together with the fire-wall in the Internet system shown in
FIG. 5. These crypt key conversion devices 65, 66 and 67
have the same configuration as the digital content management
apparatus which have been described by using FIGS.
2 and 3, and perform decryption/re-encryption by two different
crypt keys.

For example, the crypt key conversion device 65 decrypts 
an encrypted data from the network 60, and re-encrypts the 
decrypted data by using the crypt key common to the whole 
Internet system. The crypt key conversion device 67 which 
has received the re-encrypted data decrypts the re-encrypted 
data by using the crypt key common to the whole Internet 
system, and re-encrypts the decrypted data and supplies it to 
the client 64. By doing this, the problem of sending the crypt 
key is alleviated. 

These crypt key conversion devices 65, 66 and 67 can be
arranged in a gateway or a node which is used as a
connection between networks. Further, even in a closed
network system other than the Internet, which is a liberated
system, this system functions efficiently in such cases where
individual information such as reliability information, medical
information or the like is handled, and where access to
the data is necessary to differ by levels.

These crypt key conversion devices also can be used so as
to convert the crypt algorithm. There are a plurality of crypt
algorithms which are currently used or proposed. In the
worst case, a plurality of networks using different crypt
algorithms respectively coexist, and thus, compatibility is
lost, which becomes an obstacle to the development of the
information oriented society. Even if a new effective crypt
algorithm is developed, if it is not compatible with
the existing crypt algorithm, an obstacle to the development
of the information oriented society may similarly be
brought.

In order to cope with such problems, the crypt algorithm
can be converted by arranging the crypt key conversion
devices 65, 66 and 67 of FIG. 5 in the gateway on the
network. These crypt algorithm conversion devices decrypt
the encrypted data to be re-encrypted with a different crypt
algorithm.

For example, the crypt algorithm conversion device 65
decrypts the data which is encrypted by a crypt algorithm
unique to the network 60 and re-encrypts the decrypted data
by a crypt algorithm which is common in the whole Internet
system. The crypt algorithm conversion device 67 that has
received the re-encrypted data decrypts the re-encrypted
data, encrypts the decrypted data by the crypt algorithm
unique to the network 62, and supplies it to the client 64.

By doing so, it becomes possible to handle the encrypted
data between networks that adopt different crypt algorithms.
Here, there may be two cases; one is a case in which the
crypt key is not changed at all, and the other is a case in
which the crypt key is changed at each stage.
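
The conversion chain described above (device 65 into the common algorithm, device 67 into the algorithm of network 62), sketched as an added example that is not code from the patent, for the case in which the crypt key is changed at each stage. The two keystream constructions, the envelope format with its integrity tag and all names are assumptions chosen so the sketch runs on the Python standard library; they stand in for whatever real ciphers the networks use.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Envelope:
    alg: str
    nonce: bytes
    ciphertext: bytes
    tag: bytes


def _keystream(alg, key, nonce, n):
    """Two toy keystreams standing in for 'different crypt algorithms'."""
    if alg == "hmac-ctr":
        blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range((n + 31) // 32))
        return b"".join(blocks)[:n]
    if alg == "shake":
        return hashlib.shake_256(key + nonce).digest(n)
    raise ValueError(f"unknown algorithm {alg!r}")


def _subkey(key, label):
    """Derive separate encryption and MAC keys from one crypt key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _mac(alg, key, nonce, ciphertext):
    return hmac.new(_subkey(key, b"mac"), alg.encode() + nonce + ciphertext,
                    hashlib.sha256).digest()


def seal(alg, key, plaintext):
    """Encrypt-then-MAC under (alg, key) with a fresh random nonce."""
    nonce = os.urandom(16)
    stream = _keystream(alg, _subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    return Envelope(alg, nonce, ciphertext, _mac(alg, key, nonce, ciphertext))


def unseal(alg, key, env):
    """Verify the tag first; only then decrypt."""
    if env.alg != alg or not hmac.compare_digest(
            _mac(alg, key, env.nonce, env.ciphertext), env.tag):
        raise ValueError("rejected: wrong key or algorithm, or modified in transit")
    stream = _keystream(alg, _subkey(key, b"enc"), env.nonce, len(env.ciphertext))
    return bytes(c ^ s for c, s in zip(env.ciphertext, stream))


class ConversionDevice:
    """Gateway that decrypts under one (alg, key) and re-encrypts under another."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self.cleartext_bytes_handled = 0  # the device sees plaintext: a trust point

    def convert(self, env):
        plaintext = unseal(*self.inbound, env)
        self.cleartext_bytes_handled += len(plaintext)
        return seal(*self.outbound, plaintext)


if __name__ == "__main__":
    net60 = ("hmac-ctr", os.urandom(32))  # unique to network 60
    common = ("shake", os.urandom(32))    # common to the whole Internet system
    net62 = ("hmac-ctr", os.urandom(32))  # unique to network 62 (same toy alg, own key)
    dev65, dev67 = ConversionDevice(net60, common), ConversionDevice(common, net62)
    record = b"constructed business-secret record"
    hop3 = dev67.convert(dev65.convert(seal(*net60, record)))
    print(unseal(*net62, hop3) == record, dev65.cleartext_bytes_handled)
```

The client in network 62 never holds the key of network 60, but each conversion device handles the data in the clear between decryption and re-encryption, so it must be protected as carefully as any other key holder.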

In using databases, in a case where a data storing server
referred to as "proxy server" or "cache server" is used, and
where the digital content is encrypted, the crypt key or crypt
algorithm used between a data server and the proxy server
may be differentiated from the crypt key or crypt algorithm
used between the proxy server and a user, and then, the
conversion of them is carried out by using the crypt key
conversion device or crypt algorithm conversion device, so
that the encrypted digital content can be prevented from
illegitimate usage thereof.

The conversion of the crypt algorithm by these devices
can be effected by units of countries. Even in the case where
crypt algorithms are used which differ from one country to
another, it becomes possible to adopt a key escrow system
unique to the respective country, or a key recovery system
using the key escrow system.
It is understood that particular embodiments described
herein are illustrative and the present invention is not limited 
to these particular embodiments. It will be apparent to those 
skilled in the art that changes can be made in the various 
details described herein without departing from the scope of 
the invention. The present invention is defined by the claims 
and their full scope of equivalents. 

I claim: 

1. A digital content management system which uses 
digital contents, said system having: 

a server in which a watch program which watches ille- 
gitimate usage of the digital content is stored, said 
watch program having a high interruption priority, and 
being constituted as a real time operating system using 
a micro-kernel, in a network, 

2. A digital content management apparatus used with a 
user terminal which uses a digital content, said digital 
content management apparatus comprising a 
microprocessor, a microprocessor bus, a read-only semicon- 
ductor memory, an electrically erasable and programmable 
read-only memory, and a read/write memory, wherein: 

said microprocessor, said read-only semiconductor 
memory, said electrically erasable and programmable 
read-only memory and said read/write memory are 
connected to said microprocessor bus, and a system bus 
of said user terminal is capable of being connected to 
said microprocessor bus; 

a crypt algorithm and a watch program watching illegiti- 
mate usage of the digital content, are components of an 
operating system stored in said read-only semiconduc- 
tor memory, said watching program having a high 
interruption priority; and 

a user's first public-key, a user's first private-key, a user's 
second public-key, a user's second private-key, a digital 
content management program, a database's first secret- 
key, a database's second secret-key and copyright 
information are stored in said electrically erasable and 
programmable read-only memory. 

3. The digital content management apparatus according to 
claim 2 is configured on an IC chip. 

4. The digital content management apparatus according to 
claim 2 is configured in an IC card. 

5. The digital content management apparatus according to 
claim 2 is configured in a PC card. 

6. The digital content management apparatus according to 
claim 2 is configured in an inserted board. 

7. A digital content management apparatus which protects 
the secrets of a digital content in a network, said digital 
content management apparatus comprising a 
microprocessor, a microprocessor bus, a read-only semicon- 
ductor memory, an electrically erasable and programmable 
read-only memory and a read/write memory, wherein: 

said microprocessor, said read-only semiconductor 
memory, said electrically erasable and programmable 
read-only memory and said read/write memory are 
connected to said microprocessor bus, and a system bus 
of said user terminal is capable of being connected; 

a crypt algorithm and a watch program watching illegiti- 
mate usage of the digital content, are components of an 
operating system stored in said read-only semiconduc- 
tor memory, said watching program having a high 
interruption priority; and 

a user's first public-key, a user's first private-key, a user's
second public-key, a user's second private-key, a digital 
content management program, a database's first secret- 
key, a database's second secret-key and copyright 
information are stored in said electrically erasable and
programmable read-only memory. 

8. The digital content management apparatus according to 
claim 7 is configured on an IC chip. 

9. The digital contents management apparatus according 
to claim 7 is configured in an IC card. 

10. The digital contents management apparatus according
to claim 7 is configured in a PC card. 

11. The digital contents management apparatus according 
to claim 7 is configured in an inserted board. 